diff options
author | jim-p <jimp@pfsense.org> | 2015-07-01 11:18:22 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-07-01 11:18:22 -0400 |
commit | 009bd5fea3306e7e3a2365130e5e8672dc312b67 (patch) | |
tree | d5f747a0f2c0b106903d93ebf4b26a7e730c7312 /usr/local/www | |
parent | f7ca96741d67a0719da213d410cf17e4437619f4 (diff) | |
download | pfsense-009bd5fea3306e7e3a2365130e5e8672dc312b67.zip pfsense-009bd5fea3306e7e3a2365130e5e8672dc312b67.tar.gz |
Encode ca/cert descr in vpn_openvpn_server.php
Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index b049c81..801575a 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -959,7 +959,7 @@ if ($savemsg) if ($pconfig['caref'] == $ca['refid']) $selected = "selected=\"selected\""; ?> - <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> + <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option> <?php endforeach; ?> </select> <?php else: ?> @@ -979,12 +979,12 @@ if ($savemsg) $caname = ""; $ca = lookup_ca($crl['caref']); if ($ca) { - $caname = " (CA: {$ca['descr']})"; + $caname = " (CA: " . htmlspecialchars($ca['descr']) . ")"; if ($pconfig['crlref'] == $crl['refid']) $selected = "selected=\"selected\""; } ?> - <option value="<?=$crl['refid'];?>" <?=$selected;?>><?=$crl['descr'] . $caname;?></option> + <option value="<?=$crl['refid'];?>" <?=$selected;?>><?=htmlspecialchars($crl['descr']) . $caname;?></option> <?php endforeach; ?> </select> <?php else: ?> @@ -1005,7 +1005,7 @@ if ($savemsg) $revoked = ""; $ca = lookup_ca($cert['caref']); if ($ca) - $caname = " (CA: {$ca['descr']})"; + $caname = " (CA: " . htmlspecialchars($ca['descr']) . ")"; if ($pconfig['certref'] == $cert['refid']) $selected = "selected=\"selected\""; if (cert_in_use($cert['refid'])) @@ -1013,7 +1013,7 @@ if ($savemsg) if (is_cert_revoked($cert)) $revoked = " *Revoked"; ?> - <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> + <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']) . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> </select> <?php else: ?> |